Log message:
mail/postfix: update to 3.6.0
Postfix stable release 3.6.0 is available. This ends the support
for legacy release Postfix 3.2.
The main changes are below. See the RELEASE_NOTES file for further
details.
Incompatible changes:
* This release requires "postfix stop" before updating, or before
backing out to an earlier release, because some internal protocols
have changed. Otherwise, long-running daemons (pickup, qmgr,
verify, tlsproxy, postscreen) may fail to communicate with the
rest of Postfix, causing mail delivery delays until Postfix is
restarted.
* Respectful logging. Postfix version 3.6 deprecates terminology
that implies white is better than black. Instead, Postfix prefers
'allowlist', 'denylist', and variations on those words. This
change affects Postfix documentation, and postscreen parameters
and logging.
To keep the old postscreen logging set "respectful_logging =
no" in main.cf before setting "compatibility_level = 3.6". In
any case, the old postscreen parameter names will keep working
as before.
Other changes:
* The minimum supported OpenSSL version is 1.1.1, which will reach
the end of life by 2023-09-11. Postfix 3.6 is expected to reach
the end of support in 2025. Until then, Postfix will be updated
as needed for compatibility with OpenSSL.
The default fingerprint digest has changed from md5 to sha256
(Postfix 3.6 with compatibility_level >= 3.6). With a lower
compatibility_level setting, Postfix defaults to using md5, and
logs a warning when a Postfix configuration specifies no explicit
digest type.
The export-grade Diffie-Hellman key exchange is no longer
supported, and the tlsproxy_tls_dh512_param_file parameter is
ignored,
* Better error messages when someone configures an incorrect
program in master.cf. To recognize such mistakes, every Postfix
internal service, including the postdrop command, announces the
name of its protocol before doing any other I/O, and every
Postfix client program, including the Postfix sendmail command,
will verify that the protocol name matches what it expects.
* Fine-grained control over the envelope sender address for
submission with the Postfix sendmail (or postdrop) commands.
Example:
/etc/postfix/main.cf:
# Allow root and postfix full control, anyone else can only
# send mail as themselves. Use "uid:" followed by the numerical
# UID when the UID has no entry in the UNIX password file.
local_login_sender_maps =
inline:{ { root = *}, { postfix = * } },
pcre:/etc/postfix/login_senders
/etc/postfix/login_senders:
# Allow both the bare username and the user@domain forms.
/(.+)/ $1 $1@example.com
* Threaded bounces. This allows mail readers to present a
non-delivery, delayed delivery, or successful delivery notification
in the same email thread as the original message.
Unfortunately, this also makes it easy for users to mistakenly
delete the whole email thread (all related messages), instead
of deleting only the delivery status notification.
To enable, specify "enable_threaded_bounces = yes".
* Postfix by default no longer uses the services(5) database to
look up the TCP ports for SMTP and LMTP services. Instead, this
information is configured with the new known_tcp_ports configuration
parameter (default: lmtp=24, smtp=25, smtps=submissions=465,
submission=587). When a service is not specified in known_tcp_ports,
Postfix will still query the services(5) database.
* Starting with Postfix version 3.6, the compatibility level is
"3.6". In future Postfix releases, the compatibility level will
be the Postfix version that introduced the last incompatible
change. The level is formatted as 'major.minor.patch', where
'patch' is usually omitted and defaults to zero. Earlier
compatibility levels are 0, 1 and 2.
This also introduces main.cf and master.cf support for the
<=level, < level, and other operators to compare compatibility
levels. With the standard <=, <, etc. operators, compatibility
level 3.10 would be less than 3.9, which is undesirable.
|
Log message:
mail/postfix: update to 3.5.3
Update postfix and related pacakges to 3.5.3.
Quote freom release announce.
Postfix 3.5.3, 3.4.13:
* TLS handshake failure in the Postfix SMTP server during SNI
processing, after the server-side TLS engine sent a TLSv1.3
HelloRetryRequest (HRR) to a remote SMTP client. Reported by
J??n M??t??, fixed by Viktor Dukhovni.
Postfix versions 3.5.3, 3.4.13, 3.3.11, 3.2.16:
* The command "postfix tls deploy-server-cert" did not handle a
missing optional argument. This bug was introduced in Postfix
3.1.
|
Log message:
mail/postfix: update to 3.5.1
Update postfix to 3.5.1.
3.5.0 (2020-03-16)
Postfix stable release 3.5.0 is available. Support has ended for
legacy release Postfix 3.1.
The main changes are below. See the RELEASE_NOTES file for further details.
* Support for the haproxy v2 protocol. The Postfix implementation
supports TCP over IPv4 and IPv6, as well as non-proxied
connections; the latter are typically used for heartbeat tests.
* Support to force-expire email messages. This introduces new
postsuper(1) command-line options to request expiration, and
additional information in mailq(1) or postqueue(1) output.
* The Postfix SMTP and LMTP client support a list of nexthop
destinations separated by comma or whitespace. These destinations
will be tried in the specified order. Examples:
/etc/postfix/main.cf:
relayhost = foo.example, bar.example
default_transport = smtp:foo.example, bar.example
Incompatible changes:
* Logging: Postfix daemon processes now log the from= and to=
addresses in external (quoted) form in non-debug logging (info,
warning, etc.). This means that when an address localpart
contains spaces or other special characters, the localpart will
be quoted, for example:
from=<"name with spaces"@example.com>
Specify "info_log_address_format = internal" for backwards \
compatibility.
* Postfix now normalizes IP addresses received with XCLIENT,
XFORWARD, or with the HaProxy protocol, for consistency with
direct connections to Postfix. This may change the appearance
of logging, and the way that check_client_access will match
subnets of an IPv6 address.
3.5.1 (2020-04-20)
Postfix versions 3.5.1, 3.4.11, 3.3.9, 3.2.14:
* Bitrot workaround for broken builds after an incompatible change
in GCC 10.
* Bitrot workaround for broken DANE/DNSSEC support after an
incompatible change in GLIBC 2.31. This change avoids the need
for new options in /etc/resolv.conf.
|